<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8" />
<meta name="generator" content=
"HTML Tidy for Windows (vers 14 February 2006), see www.w3.org" />
<title>Reconditioned Machines</title>
<link rel="stylesheet" href="home.css" type="text/css" />
</head>
<body>
<div class="page">
<?php
include 'menu.php';


// Connect to server and select database.
mysql_connect("localhost", "hydroclean", "winter11")or die("cannot connect"); 
mysql_select_db("hydroclean")or die("cannot select DB");

// username and password sent from form 
$myusername=$_POST['myusername']; 
$mypassword=$_POST['mypassword']; 

// To protect MySQL injection
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);

$sql="SELECT * FROM members WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row

if($count==1){
// Register $myusername, $mypassword and redirect to file "reconditioned_admin.php"
//deprecated code
//session_register("myusername");
//session_register("mypassword"); 
session_start();
$_SESSION["myusername"] = $myusername;
$_SESSION["mypassword"] = $mypassword;
//echo($_SESSION["myusername"]);
header("location:reconditioned_admin.php");
}
else {
echo "Wrong Username or Password";
}
?>



</body>
</head>